What are TSCM, Debugging, and Bug Sweeps All About? (original) (raw)

The Threat - Illegal Eavesdropping in the United States

The manufacture, sale, installation, and monitoring of illegal surveillance devices is a multi billion underground industry within the United States.

The U.S. State Department estimates that at least 800 million dollars of illegal bugging and eavesdropping equipment is imported and installed into corporations in the United States each year.

The majority of this equipment is illegally imported into the United States from France, Germany, Lebanon, Italy, Canada, Israeli, England, Japan, Taiwan, South Africa, and a host of other countries.

Additionally, anyone with a soldering iron and a basic understanding of electronics can build and install an eavesdropping device. The raw materials to build such a device may be easily obtained at Radio Shack, or salvaged from consumer electronic devices such as cordless telephones, intercom systems, and televisions.

In the United States over six millions dollars worth of surveillance devices are sold to the public each day. Most of these products are sold from storefront operations, spy shops, attorneys, and via private investigators located in major metro areas such as New York, Miami, Los Angles, San Francisco, Dallas, Chicago, and Minneapolis. This does not include the tens of billions spent each year for legitimate eavesdropping products purchased by law enforcement, military, and intelligence agencies worldwide.

This equipment is commonly sold over the counter, via mail order, and through the Internet. Most of these bugging devices cost only a few dollars, but highly sophisticated, quality products may be purchased for less than one thousand dollars.

In New York City alone there are over 85 companies (in 1997) which will not only sell you the eavesdropping device, but will break into the targets office to install the device, and for an additional fee will provide a monitoring and transcription service.

The FBI and other federal law enforcement agencies have repeatedly indicated that they lack the resources and training to enforce or properly investigate the technical security threat within the United States. Law enforcement agencies in general lack either the training or equipment to perform bug sweeps. It is rare for a company that offers private investigative services to have even the slightest clue how to perform a bug sweep (although many think they do). {Useful hint: Never engage someone to perform a bug sweep for you unless they have an extremely strong technical background, and always ask them if they already have all of the equipment that they need to do the job, or if they will need to purchase anything... You will be amazed how many PI's this last question will make run away almost like their hair is on fire as many of them lack the equipment to do a sweep.}

Technical surveillance and industrial espionage is a serious problem which can have a VERY GRAVE IMPACT on your company and your own personal freedoms.

Audio Bug

Our cause is a secret within a secret, a secret that only another secret
can explain; it is a secret about a secret that is veiled by a secret.
-- Ja'far as-Sadiq (6th Imam)

The Defense - Granite Island Group

If you are concerned about covert eavesdropping or wiretapping then it would be wise to contact Granite Island Group, or another TSCM firm and schedule a "Bug Sweep" or TSCM Inspection. However, do not call from a suspect telephone, cellular telephone, or cordless phone and understand that it is critical that you should get someone out to your location as quietly, and as quickly as possible.

Granite Island Group offers technical counterintelligence and engineering service including the following:

Spy Shop Toy

Various Types of TSCM Services

TSCM - Technical Surveillance Counter Measures (TSCM) includes all countermeasures employed to prevent or detect the interception of sensitive, classified, or private information. TSCM is typically an inspection by a technician or engineer of a physical item or place (briefcase, automobile, office, home, boat, etc...). The purpose is to locate possible covert surveillance devices (bugs), technical security weakness, and technical security hazards. A TSCM specialist will also evaluate for weaknesses all locks, alarms, and other systems of physical and electronic security or controls.

Vulnerability Analysis/Threat Assessment - A formal vulnerability analysis or threat assessment should be performed well in advance of any TSCM sweep. The TSCM specialist will normally visit the facility for a day or two, and identify weaknesses with locks, doors, alarms, fence lines, video cameras, telephone systems, network, and computer security. The end product for a vulnerability analysis is a brief report which addresses specific issues which need to be corrected. This type of inspection can help senior management fulfill their responsibilities of Due Diligence.

The primary purpose of a vulnerability analysis is to answer the following questions:

  1. Who would want to spy on us?
  2. What information would they be interested in?
  3. Where are we most vulnerable?
  4. Where would they attack us?
  5. When are we most vulnerable?
  6. How could they attack us?
  7. Effects of our corporate secrets being released?
  8. Are we as secure as we think?

It's a waste of money to have any TSCM services performed without first having a careful vulnerability analysis or threat assessment completed.

TSCM Inspection - An evaluation (which does not involve test equipment) of a sensitive facility to determine physical security measures required to protect against technical penetration or unaided audio leakage.

**In Place Monitoring (IPM)**- This is the simplest and lowest level type of legitimate TSCM sweep, it consists of monitoring a given thing or place while an event or meeting is in progress. While it is just a cursory check it is does allow a certain amount of security and privacy when time is limited. In Place Monitoring assumes that the facilities are secure and that the only threat is from meeting attendees (ie: tape recorders, wireless microphones, etc...)

The amount of formal training needed to do this type of a sweep is minimal (5-10 days) and the equipment required will fit into two or three briefcases.

8566B HP 7000 Series

Full TSCM Survey/Sweep - A comprehensive electronic, visual, and physical examination of a sensitive facility by TSCM personnel (using laboratory grade instruments) to ascertain that the area is free of technical penetrations and to detect technical security hazards and weaknesses.

This type of inspection is commonly done for attorneys, executives, and corporate board rooms. For this inspection every wire in a given area is checked in for any type of covert listening or video devices. Special equipment is used to search for covert devices transmitting on the airwaves. Normally the RF search is done first, followed by the wire and conductor check, followed by a detailed physical search.

The amount of formal TSCM training needed to do this type of a sweep is extensive (500 hours minimum), plus an expert level of knowledge in security, electronics, communications, and computer science is also required (involving thousands of hours of additional baseline formal training).

This type of inspection is commonly performed at military facilities, embassies, defense contractors, DOE facilities, government agencies, police departments, etc...

In Place Monitoring + TSCM Survey - This is one of the most common types of inspections. It involves completing a full sweep prior to the event, and then conducting a normal IPM during the event. Commonly performed for SCIFs, high level business meetings, Board of Directors meetings, and similar high security events.

Protective Detail TSCM Survey/Sweep - Performed strictly for high threat situations (heads-of-state, diplomats, VIPs, entertainers, corporate executives, and the very rich). This is the type of inspection the U.S. Secret Service performs for the President when he is going to be visiting a place. In addition to a full inspection it also involves inspecting and X-raying walls, lamps, furniture, cushions, and so forth.

Additionally, this type of inspection also looks for explosives, bombs, poisons, chemical weapons, contraband, and other safety and security hazards. The goal is to locate not only bugging devices, but anything that could cause the protectee any harm or embarrassment.

The amount of formal training needed to do this type of a sweep is very high, often involving years of training, an extremely high level of expertise is required. Personnel providing this type of service will also be trained in some kind of executive and dignitary protection.

A Protective Detail TSCM Inspection requires specific equipment.

TSCM Preconstruction Assistance - A service conducted by TSCM personnel during the planning stages of new construction.

TSCM Screening - This inspection involves the examination of equipment and furnishings prior to their introduction into a facility which has previously received a TSCM survey.

Rain Dance - This type of TSCM inspection is usually done by inadequately trained individuals with little or no formal training in electronics or intelligence. The tools used are minimal (basically nothing more then fancy props), and the inspection consists of the "sweeper" dancing around with a small hand held box. It is common for this sweeper to find bugs (some, ones he brought with him to insure future business). The amount of formal training needed to do this type of activity is minimal (2-7 days).

Xandi Bug

When contacting any TSCM firm please remember not to call from any
suspect area, do not use your cellular telephone, do not use your
cordless phone, and do not use any suspect telephone (instead call
from a sterile phone somewhere outside the suspect area.

The Objectives of any TSCM Program or Service

Detection - Measures taken to detect technical surveillance devices, technical security hazards, and physical security weaknesses that would permit the technical or physical penetration of a facility.

A technical surveillance device is a item designed to intercept conversations or electronic transmissions and are commonly known as "bugs."

A technical security hazard may allow the unintentional transmission of information, and is any condition which could permit the technical surveillance of an area. This condition may occur with equipment due to its normal design, installation, operation, maintenance, component deterioration, or damaged condition.

For example, some telephones have the ability to pass audio even when hung up.

Nullification - The process of neutralizing or negating technical devices employed by making the placement of such devices more difficult. This includes ensuring that a room is protected with adequate physical construction and security measures thus making the placement or use of illegal listening devices ineffective.

Isolation - A method to deter, or make extremely difficult, the introduction of a eavesdropping device by establishing special areas, security areas, or SCIF's for the conduct of classified or sensitive activities.

According to statistics published by U.S. Attorney Mary Jo White (New York, NY); In March 1997, three New York businessmen (one a former DEA agent) were found guilty of using various store front "Spy Shop" operations to sell over 4,400 illegal listening devices which they had illegally smuggled into the country. As a result of this case over 80 other people were convicted of dealing in illicit eavesdropping equipment... most of those convicted are still in business, and only viewed their criminal case as "a cost of doing business".

The illegal equipment confiscated during the raids included bugging devices that were miniature transmitters hidden in everyday household and office items like pens, calculators, credit cards, and three-plug electric outlet adapters.

Spy Shop Bug Spy Shop Bug
Above Photographs Courtesy of U.S. Justice Department

Uneasy lies the head that wears the crown.
-- William Shakespeare, Henry VI